Re: [Qmail-scanner-general]Re:Badtrans go thru! -- new fixcrio.c

[John N. <jn...@cd...>]

----- Original Message -----
From: "Jason Haar" <Jas...@tr...>
To: <qma...@li...>
Sent: Monday, December 31, 2001 2:07 PM
Subject: Re: [Qmail-scanner-general]Re:Badtrans go thru! -- new fixcrio.c


> On Mon, Dec 31, 2001 at 01:57:46PM -0500, CertaintyTech - Ed Henderson
wrote:
>
> You're saying the original looked like:
>
> Content-Type: text/plain;\rcharset="iso-8859-1"\n
>
> I mean - that's just plain broken anyway - that's just not valid anywhere.
>

According to RFC2046, this is true.  Is doing nothing really
the best course of actiong, however, because its potentially
throwing off the scanner?

<RANT>
So what should be done?
 - Not allow any user to use any Microsoft product that can't
      adhere to Internet Standards?
   A note-worthy solution, but impractical.  The Internet's
   popularity is partly due to Microsoft and they're easy-to-
   use "solutions" for accessing the Internet, regardless of
   their inability to adhere to standards, defacto or otherwise,
   and dispite their love for writing programs with defects that
   are easily exploitable.  Can we honestly go up to people and
   say "No Windows For You!" and install a *NIX OS that they in
   turn are too lazy to keep secure as well, which is a whole
   other playground for the packet- and script-kiddies out there.

 - Drop large bombs on 1 Microsoft Way?
   Oh the joys that would bring - but again, not a practical
   solution.

 - Find a way to get around this and fixing the broken header?
   Personally, the only solution I can think of.  We can't rely
   on Microsoft to fix this (and it may exist in Non-MS products
   as well), and if they do, who's going to go around and make
   sure everyone updates?  The same person who went around and
   made sure everyone patched their IIS server to protect against
   Nimda and Codered?  (I'm still seeing hits for these, so whoever
   this person is is either slow or not doing a thorough job).
</RANT>

So, the question remains, at what level should this be fixed?
The obvious is to fix it at the end-user, by fixing the broken
client - as reasons stated prior, not a practical solution.

Fix it at the SMTP level?  Patching qmail would be a good place
to do this, but this is a MIME problem really, not SMTP - its
not the SMTP protocol's fault this occuring, so, like the
'fixcrio' patch - we're putting the bandaid on the wrong wound.

Fix it at reformime?  The program that is responsible for ripping
apart the e-mail message and getting the attachments out is
failing because it didn't take the lack of '\n's into account.
Don't blame them - as Haar, DJB, and the RFC's have stated in one
form or another, its just wrong syntax.  But this inconsistancy
has occured, and, in my opinion, should be addressed.

Fix it in Q-S?  As stated w/ SMTP, its really not Q-S's fault
either.  However, PERL can more easily fix broken headers like
this.  This is will slow down Q-S a bit, however, but will keep
reformime RFC-compliant and should reformime be updated, we would
possibly have to rewrite the patch, make sure its reapplied, etc.

<MORE RANTING>
Do absolutely nothing?  Personally, my choice.  Q-S does a great
job in helping to prevent viruses getting through, and we all love
ya Haar, but no body is perfect and things may slip through the
cracks.  Thats just nature.  End-users, should they be customers
of an ISP, or employees at a corporation, should be somewhat
educated on the risks of attachments, e-mail clients, and really
should have a desktop-level anti-virus software installed for
more reasons than I can namely, but mainly because e-mail is not
the only way a virus/worm/trojan can get in.  End-users should
also be educated to keep their software up-to-date, because a
scanner thats out of date might as well not even be there.
</OK ALL DONE>

Thats all my $.02.  It is now really a request for comments of
sorts - do we fix it or is it not really even broken?

As far as "fixing" 'fixcrio' - personally I don't recommend using
my patch :).  I patched it because it was requested and I was
feeling lucky this morning (feeling lucky, not got lucky).  But
as Haar has said, it would break if ESMTP is used.

    - John

John Narron - jn...@cd...        | "If I die tomorrow
Network Administration                   |    I'll be alright because I
believe
CDS/CDSinet, LLC http://www.cdsinet.net  |  That after we're gone
122 N. Lafayette, Marshall, MO  65340    |    The spirit carries on."
fon: (660) 886 4045 fax: (660) 886 4065  |    - Dream Theater